I didn't used to use it...but now am changing all queries to use it, as I
find them in my code...

very cool, just anotha new level of confidence...and power....

(if ya catch the lyric there, you're good)

-----Original Message-----
From: Ian Vaughan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 10:54 AM
To: CF-Talk
Subject: RE: Securing CF Apps.

Does anybody use the CFQUERYPARAM tag for securing sql which is highlighted at

Securing Database Access Using the cfqueryparam Tag
http://www.macromedia.com/devnet/mx/coldfusion/articles/cfqueryparam.html

-----Original Message-----
From: Tangorre, Michael [mailto:[EMAIL PROTECTED]
Sent: 23 March 2004 15:27
To: CF-Talk
Subject: RE: Securing CF Apps.


I do not encrypt all values in my forms (I do for URLs though). The reason I
encrypt some form field values and not others is that they are not all
important if altered by a malicious user...

For instance. If I have a text box, I do not need to encrypt a date... My
checks to ensure that the text supplied in that field is a date will take
care of that. I encrypt important values that are used within queries:

SELECT *
FROM table
WHERE someId = Decrypt(form.idfield,"key")

This hides the type of values I am using to build the query with and it also
limits the data that is exposed to the end user.

Mike

> > Yes. All URL and FORM variables should be encrypted. Especially if you
> > are using a fusebox methodology.
>
> I've tried this, but my users were really upset with prompts such as this:
>
> "Please Enter the Hash value of the date you would like"
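
Added example, not part of the original thread: the Decrypt() query from Mike's message with its input type-checked and bound through the cfqueryparam tag Ian asks about. The datasource `appDSN`, the key variable `application.idKey`, the table name `someTable`, the variable `rawId` and the query name `getRecord` are assumptions made for illustration.

```cfml
<!--- Added example, not from the thread. Hypothetical names: datasource "appDSN",
      application.idKey, table "someTable", variable "rawId", query "getRecord". --->
<cfparam name="form.idfield" default="">

<cftry>
    <!--- Recover the id the same way the Decrypt() query in the thread does. --->
    <cfset rawId = Decrypt(form.idfield, application.idKey)>
    <cfcatch type="any">
        <!--- Treat any failure to decrypt as invalid input. --->
        <cfset rawId = "">
    </cfcatch>
</cftry>

<!--- Tampered ciphertext can decrypt to arbitrary text, so check the type explicitly. --->
<cfif NOT REFind("^[0-9]{1,9}$", rawId)>
    <cfthrow type="App.InvalidInput" message="Invalid record id">
</cfif>

<!--- cfqueryparam sends the value as a bound parameter of the declared type,
      not as part of the SQL text. --->
<cfquery name="getRecord" datasource="appDSN">
    SELECT *
    FROM someTable
    WHERE someId = <cfqueryparam value="#rawId#" cfsqltype="cf_sql_integer">
</cfquery>
```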